Amendments to the Specification:



Please replace the paragraph beginning on page 1, line 6, with the following 
paragraph: 



Copending application Serial # 09/459,240, filed on even date herewith,
entitled "System for Electronic Repository of Data Enforcing Access Control 
on Data Search and Retrieval" and incorporated herein by reference. 



Please replace the paragraph beginning on page 3, line 16, with the following 
amended paragraph: 




Accordingly, in one aspect, the present invention provides a secure system for 
searching electronic data files stored in a data repository system. The system 
includes a communications environment that houses a first agent program for a 
depositor computer of an electronic data file in the data repository system and a 
second agent program for a first user computer with access privileges
to the electronic data file. A manifest is accessible to and maintained by the 
first agent program. The first user computer has a record of its access 
privileges to the electronic data file which is accessible to and maintained by 
the second agent program. When changes are made to the manifest affecting 
the first user computer's access privileges to the electronic data file, these 
changes are communicated from the first agent program to the second agent
program so that the first user computer's record of its access privileges can be 
updated. The first agent program is also able to verify the first user computer's 
access privileges to the electronic data file before the electronic data file is
released to the second agent program. 



Please replace the paragraph beginning on page 5, line 7, with the following
amended paragraph: 



Figure 4, consisting of Figures 4A and 4B, [[is]] contain a flow diagram
illustrating the process of document retrieval according to the invention; 



Please replace the paragraph beginning on page 5, line 29, and ending on page
6, line 6, with the following amended paragraph:




In such conventional systems, the document deposited by the document 
originator 100 is normally not encrypted [[to]] so that the business partner 106 
will be able to review the document on demand. This is because there are 
problems associated with decrypting documents in the prior art. Document 
decryption requires access to the private key of the document originator 100. 
To give access to its private key, the document originator 100 must either make 
itself available online during all times that decryption might be requested in 
order to perform the decryption itself (the issue of system availability), or must 
set up a scheme in advance to make its private key available directly to the 
business partner 106 or through a trusted proxy (not shown). 



Please replace the paragraph beginning on page 6, line 18, with the following
amended paragraph: 

Thus, in [[convention]] conventional systems where documents are deposited for a
period of time and are not encrypted (Figure 1), the third party administrator of 
the repository service 104 must be trusted with maintaining the integrity of the 
document. 

Please replace the paragraph beginning on page 11, line 20, with the following
amended paragraph: 



The encrypted document, the document originator's notarized signature, and 
the non-repudiation receipt are all stored in the application server's repository
or the application database (block [[318]] 314). The non-repudiation receipt is
sent to the vault of the document originator (block 316). The vault of the
document originator checks the correctness of the non-repudiation receipt 
(block 318) by verifying the signature of the encrypted document. The 
document originator's vault also checks the currency of the time stamp in the 
notarized signature (block 320). The tolerance for the time stamp is application 
dependent. If either of these tests fail, an error message is returned to the AS 
vault (block 322) and logged in the system. If the receipt is correct and 
current, the application running the user's vault returns the non-repudiation 
receipt to the originating user (block 324) to be cached locally for future 
reference, in the event proof is required that the document has been stored in
the repository. 

Please replace the paragraph beginning on page 12, line 8, with the following
amended paragraph: 

[[Figure 4 is a]] Figures 4A and 4B contain a flow diagram illustrating the steps,
according to the preferred embodiment of the invention, which must take place 
to permit a document to be retrieved by a requester who has been authorized 
under a type of manifest maintained by the document originator for each 
document called an access control list (ACL). As in Figure 3, the process steps
have been divided between the three actors, user, application server and 
requester, on the basis that the personal vaults of each are notional secure 
extensions of their respective work spaces. 




Please replace the paragraph beginning on page line 25, with the following
amended paragraph: 

Where [[the]] a complete data restore of the document database, ACLs, capability
lists and corresponding tokens stored in the vaults is performed, users
authorized to access a document before TIME1, can also access it after
TIME2. This means that if a user was authorized before TIME1, but the
authority was revoked after TIME1 but before TIME2, the user will have
document access until the document owner performs a check of the ACL token.
All users should therefore do an ACL and capability list check following a
complete data restoration.
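
The restore window described above, together with the owner-side ACL and user-side capability list from the amended summary paragraph, can be modelled as follows. This is an added illustration, not code from the application; the class and function names, and the assumption that the document owner knows the intended ACL independently of the restored data, are hypothetical.

```python
import copy
from dataclasses import dataclass, field

@dataclass
class Repository:
    # Hypothetical model: owner-side manifest and user-side privilege records.
    acl: dict = field(default_factory=dict)           # doc -> set of users
    capabilities: dict = field(default_factory=dict)  # user -> set of docs

    def grant(self, doc, user):
        self.acl.setdefault(doc, set()).add(user)
        self.capabilities.setdefault(user, set()).add(doc)  # change pushed to user

    def revoke(self, doc, user):
        self.acl.get(doc, set()).discard(user)
        self.capabilities.get(user, set()).discard(doc)

    def release(self, doc, user):
        """Owner-side verification against the ACL before a file is released."""
        return user in self.acl.get(doc, set())

def reconcile(repo, intended_acl):
    """Post-restore check: reset the ACL to the owner's intended state, rebuild
    every capability list from it, and return the (user, doc) grants removed."""
    removed = [(user, doc)
               for doc, users in repo.acl.items()
               for user in users - intended_acl.get(doc, set())]
    repo.acl = {doc: set(users) for doc, users in intended_acl.items()}
    repo.capabilities = {}
    for doc, users in repo.acl.items():
        for user in users:
            repo.capabilities.setdefault(user, set()).add(doc)
    return sorted(removed)

def restore_scenario():
    # Constructed sample data: one document, two authorized users.
    repo = Repository()
    repo.grant("doc-1", "alice")
    repo.grant("doc-1", "bob")
    backup = copy.deepcopy(repo)             # backup taken at TIME1
    repo.revoke("doc-1", "bob")              # revoked between TIME1 and TIME2
    intended = copy.deepcopy(repo.acl)       # assumption: owner knows current intent
    before_restore = repo.release("doc-1", "bob")
    repo = copy.deepcopy(backup)             # complete data restore at TIME2
    after_restore = repo.release("doc-1", "bob")   # stale grant is live again
    removed = reconcile(repo, intended)      # owner's ACL / capability check
    after_check = repo.release("doc-1", "bob")
    return before_restore, after_restore, removed, after_check, repo.capabilities
```

The scenario shows the revoked user regaining access immediately after the restore and losing it again only once the reconciliation runs.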